We may not have our LDAP server ready when we bring up our Stash server, so we were wondering if the project and repository permissions will remain the same when we switch from internal user accounts to LDAP authenticated accounts, external directory.
I am not sure that this will work with Stash. Stash references users by their primary key in the database (an integer) and not by the username (which may be what JIRA does).
As such, creating a user "rex" internally may have the user id 1, but when you switch to your LDAP backed user source the user "rex" may end up with id 400. As such, permissions will not be preserved.
I will have to investigate this more and look into our implementation or try it out.
Thanks, Seb and Daniel,
That was our exact concern, so I appreciate the information. We may do a live prototype with the 10 user license, in which case it wouldn't be as painful if we had to export/modify/import user/group and permission information, or even recreate it all by hand.
I sure appreciate your answers.
When you mention "LDAP Authenticated Accounts - external Directory", you mean using a Directory Connector, yes?
Permissions are tied to groups, and if those groups are created in the internal directory (locally), then you have to make sure you recreate them either inside your LDAP itself, or set the LDAP permissions to *Read only, with local groups* and then recreate the groups in JIRA.
A simpler way would be to use Internal Directory With Delegated LDAP Authentication, then you will be able to copy your existing groups from the internal directory to the Internal Directory using Delegated Auth.
I think I might have worded it abit too plainly. IF you are using "Read only, with local groups", then the groups already previously created in your internal directory can be used, and you must assign your LDAP users to those groups. Here is the paragraph from the documentation:
Read Only, with Local Groups
LDAP users, groups and memberships are retrieved from your directory server and can only be modified via your directory server. You cannot modify LDAP users, groups or memberships via the application administration screens. However, you can add groups to the internal directory and add LDAP users to those groups.
Additionally, you can set the option to automatically add users to local groups when they login, such as the all-important jira-users group.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot